failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.4 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)

[Marietto2008]

Hello to everyone.

This is the continuation of this post : #137

Yesterday I have installed ubuntu 20.04 within one lxc container (lxc installed via snap) because I want to run Docker. Infact Docker works under Ubuntu 20.04,but not on the ubuntu 22.04 that I have installed on the jetson nano as default. The commands that I have issued are the following ones :

lxc launch ubuntu:20.04 focal
lxc start focal
lxc exec focal -- dhclient

as you can see it is running correctly :

# lxc list

+-------+---------+----------------------+------+-----------+-----------+---------------------|
| NAME  |  STATE  |         IPV4         | IPV6 |   TYPE    | SNAPSHOTS       |
+-------+---------+----------------------+------+-----------+-----------+---------------------|
| focal | RUNNING | 10.234.85.232 (eth0) |      | CONTAINER | 0         |
+-------+---------+----------------------+------+-----------+-----------+---------------------|

root@marietto-nano:/home/marietto/Scaricati/Docker/ub20# lxc exec focal -- bash

root@focal:/etc/apt# apt update

Metadata [116 B]
Fetched 21.4 MB in 8s (2743 kB/s)                                                                                                     
Reading package lists... Done
Building dependency tree       
Reading state information... Done
4 packages can be upgraded. Run 'apt list --upgradable' to see them.

root@focal:/etc/apt# apt upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done

At this point I have copied all the content of the directory /etc/apt and of the directory /var/cache ; /var/cuda-repo-l4t-10-2-local ; /var/visionworks-repo ; /var/visionworks-sfm-repo ; /var/visionworks-tracking-repo inside the same directories within the ubuntu 20.04 container. At this point,I have installed docker with the command : apt-install nvidia-docker2 and I have launched it like this :

root@focal:/boot# dockerd

Unfortunately Docker does not work even with ubuntu 20.04 installed in this way :

INFO[2023-04-28T11:20:25.153282538+02:00] Starting up                                  

INFO[2023-04-28T11:20:25.155370083+02:00] detected 127.0.0.53 nameserver, assuming systemd-resolved, so using resolv.conf: /run/systemd/resolve/resolv.conf 

INFO[2023-04-28T11:20:25.157191112+02:00] parsed scheme: "unix"                         module=grpc

INFO[2023-04-28T11:20:25.157263718+02:00] scheme "unix" not registered, fallback to default scheme  module=grpc

INFO[2023-04-28T11:20:25.157341532+02:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc

INFO[2023-04-28T11:20:25.157378043+02:00] ClientConn switching balancer to "pick_first"  module=grpc

WARN[2023-04-28T11:20:26.158403160+02:00] grpc: addrConn.createTransport failed to connect to {unix:///run/containerd/containerd.sock  <nil> 0 <nil>}: didn't receive server preface in time. Reconnecting...  module=grpc

INFO[2023-04-28T11:20:27.408201347+02:00] parsed scheme: "unix"                         module=grpc

INFO[2023-04-28T11:20:27.408272963+02:00] scheme "unix" not registered, fallback to default scheme  module=grpc

INFO[2023-04-28T11:20:27.408341298+02:00] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock  <nil> 0 <nil>}] <nil> <nil>}  module=grpc

INFO[2023-04-28T11:20:27.408387132+02:00] ClientConn switching balancer to "pick_first"  module=grpc

WARN[2023-04-28T11:20:27.485812984+02:00] Unable to find cpu controller                

WARN[2023-04-28T11:20:27.485932205+02:00] Unable to find cpuset controller             

INFO[2023-04-28T11:20:27.488136836+02:00] Loading containers: start.                   

WARN[2023-04-28T11:20:27.552411099+02:00] Running iptables --wait -t nat -L -n failed with message: `iptables v1.8.4 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.`, error: exit status 3 

INFO[2023-04-28T11:20:27.651452838+02:00] stopping event stream following graceful shutdown  error="<nil>" module=libcontainerd namespace=moby

failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.4 (legacy): can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

[poppopbean0903]

Hi, I met the same problem, have u solved this issue?

[nguyenhoanganhtuan1206]

I've encountered this problem when I use Ubuntu as a docker image and install Docker on it. And my solution is to add more flag "--privileged" when executing to container "docker exec -it --privileged /bin/bash".